* @see org.projectforge.core.BaseDao#hasAccess(Object, OperationType)
*/
@Override
public boolean hasAccess(final PFUserDO user, final AuftragDO obj, final AuftragDO oldObj, final OperationType operationType)
{
final AccessChecker accessChecker = UserRights.getAccessChecker();
final UserGroupCache userGroupCache = UserRights.getUserGroupCache();
if (operationType == OperationType.SELECT) {
if (accessChecker.isUserMemberOfGroup(user, ProjectForgeGroup.CONTROLLING_GROUP) == true) {
return true;
}
if (accessChecker.hasRight(user, getId(), UserRightValue.READONLY, UserRightValue.PARTLYREADWRITE, UserRightValue.READWRITE) == false) {
return false;
}
} else {
if (accessChecker.hasRight(user, getId(), UserRightValue.PARTLYREADWRITE, UserRightValue.READWRITE) == false) {
return false;
}
}
if (obj != null
&& accessChecker.isUserMemberOfGroup(user, ProjectForgeGroup.FINANCE_GROUP) == false
&& CollectionUtils.isNotEmpty(obj.getPositionen()) == true) {
// Special field check for non finance administrative staff members:
if (operationType == OperationType.INSERT) {
for (final AuftragsPositionDO position : obj.getPositionen()) {
if (position.isVollstaendigFakturiert() == true) {
throw new AccessException("fibu.auftrag.error.vollstaendigFakturiertProtection");
}
}
} else if (oldObj != null) {
for (short number = 1; number <= obj.getPositionen().size(); number++) {
final AuftragsPositionDO position = obj.getPosition(number);
final AuftragsPositionDO dbPosition = oldObj.getPosition(number);
if (dbPosition == null) {
if (position.isVollstaendigFakturiert() == true) {
throw new AccessException("fibu.auftrag.error.vollstaendigFakturiertProtection");
}
} else if (position.isVollstaendigFakturiert() != dbPosition.isVollstaendigFakturiert()) {
throw new AccessException("fibu.auftrag.error.vollstaendigFakturiertProtection");
}
}
}
}
if (accessChecker.isUserMemberOfGroup(user, UserRights.FIBU_ORGA_GROUPS) == true
&& accessChecker.hasRight(user, getId(), UserRightValue.READONLY, UserRightValue.READWRITE)) {
// No further access checking (but not for users with right PARTLY_READWRITE.
} else if (obj != null) {
// User should be a PROJECT_MANAGER or PROJECT_ASSISTANT or user has PARTLYREADWRITE access:
boolean hasAccess = false;
if (accessChecker.userEquals(user, obj.getContactPerson()) == true) {
hasAccess = true;
}
if (obj.getProjekt() != null && userGroupCache.isUserMemberOfGroup(user.getId(), obj.getProjekt().getProjektManagerGroupId())) {
hasAccess = true;
}